Release Notes for Cisco Configuration Professional 2.6

December 5, 2011

OL-26292-01

These release notes support Cisco Configuration Professional (Cisco CP) version 2.6. They should be used with the documents listed in the "Related Documentation" section.

These release notes are updated as needed. To ensure that you have the latest version of these release notes, go to http://www.cisco.com/go/ciscocp. In the Support box, choose Release and General Information > Release Notes, and then find the latest release notes for your release.

Routers that are ordered with Cisco CP are shipped with Cisco CP Express installed in router flash memory. Cisco CP Express is a light-weight version of Cisco CP that you can use to configure LAN and WAN interfaces.

System Requirements

This section describes PC and router system requirements. It contains the following parts:

PC System Requirements

Table 1 lists the system requirements for a PC running Cisco CP. Although the Cisco CP application requires Java Runtime Environment (JRE) to run, the Cisco CP Express application included with Cisco CP can run under the native Java Virtual Machine in the supported browsers and JRE.

Determining the Cisco IOS Release

To determine the release of Cisco IOS software currently running on your Cisco router, log into the router and enter the show version EXEC command. The following sample output from the show version command indicates the Cisco IOS release on the second output line:

Router Configuration Requirements

To run Cisco CP, a router configuration must meet the requirements shown in Table 8.

Table 8 Router Configuration Requirements

Feature: Secure access
Requirement: SSH and HTTPS
Configuration Example:

Router(config)# ip http secure-server
Router(config)# ip http authentication local
Router(config)# line vty 0 15
Router(config-line)# login local
Router(config-line)# transport input ssh
Router(config-line)# transport output ssh

Feature: Nonsecure access
Requirement: Telnet and HTTP
Configuration Example:

Router(config)# ip http server
Router(config)# ip http authentication local
Router(config)# line vty 0 15
Router(config-line)# login local
Router(config-line)# transport input telnet
Router(config-line)# transport output telnet

Feature: User privilege level
Requirement: 15
Configuration Example:

Router(config)# username cisco privilege 15 secret 0 cisco

The default configuration file meets all Cisco CP requirements. The default configuration file has the name cpconfig-model_number.cfg. For example, the configuration file for the Cisco 860 and Cisco 880 routers is cpconfig-8xx.cfg.

Cisco CP Ordering Options

Table 9 describes the ordering options under which Cisco CP can be ordered. Cisco CP Express is a product that is shipped in router flash memory when the router is ordered with Cisco CP.

Cisco CP Minimum Screen Resolution

JRE Settings for Cisco CP

The following JRE settings are needed for Cisco CP to function properly:

Step 1 Go to Start > Control Panel > Java.

Step 2 Click View under Java Applet Runtime Settings.

Step 3 Select your JRE in use.

Step 4 Set the "Java runtime parameters" with the value "-Xmx256m -Dsun.java2d.d3d=false".

In addition, if JRE is upgraded to version 1.6.0_11 or above, the following settings are needed after Cisco CP installation:

Step 1 Go to Start > Control Panel > Java > Advanced.

Step 2 Select "Java Plug-in" tree.

Step 3 Uncheck the check box for Enable next-generation Java Plug-in.

Step 4 Restart Cisco CP.

Pop-up Screens Appearing on Primary Monitor if Cisco CP Is Moved to Extended Monitor

If Cisco CP is running on a laptop that is also connected to an external monitor and the screen is set for extended display, pop-up dialog boxes of all SDM applet security pages, routing pages, and help pages appear on the primary monitor. This issue is seen in the following scenario:

Step 1 Connect the monitor to a laptop and set the screen for extended display.

Cisco IOS Enforces One-Time Use of Default Credentials

To address CSCsm25466, Cisco IOS images included with recent shipments of Cisco 800, Cisco 1800, Cisco 2800, Cisco 2900, Cisco 3800, and Cisco 3900 routers enforce the one-time use of the default user name and password provided in the Cisco CP configuration file. If you bypass Cisco CP or Cisco CP Express and use a console or Telnet connection to log into the router, the login and exec banners warn you that you must change the default user name "cisco" and password "cisco" before you log off the router. If you do not change the credentials as directed, you will not be able to log into the router the next time that you attempt to do so.

The following Cisco IOS releases enforce the one-time use of the default credentials:

•12.4(11)T or later

•12.4(11)SW, 12.4(11)SW1, 12.4(11)XV, 12.4(11)XJ

•12.4(9)T5, 12.4(9)T6

•15.0(1)M or later

Follow the procedure in this section to secure the router by creating a new username and password, to remove the login banner and exec banner warnings, and to save the configuration changes to the router startup configuration.

Note If you log into the router using a Telnet or a console connection but do not complete the steps in this procedure, be aware of the following:

•If you do not change the default username and password, and then log off the router, you will not be able to log into the router again without entering the reload command. No additional warning is given before you log off.

•If you do not change the default username and password, but do enter the write memory command before ending the session, future logins will be disabled. In this case, you will need to follow the password recovery procedure at the following link:

To secure the router, remove the banner warnings and save the changes to the router startup config, complete the following steps:

Step 1 Connect the blue console port on your router to a serial port on your PC using the light blue console cable, included with your router. Refer to your router's hardware installation guide for instructions.

Step 2 Connect the power supply to your router, plug the power supply into a power outlet, and turn on your router. Refer to your router's quick start guide for instructions.

Step 3 Use HyperTerminal or a similar terminal emulation program on your PC, with the terminal emulation settings of 9600 baud, 8 data bits, no parity, 1 stop bit, and no flow control, to connect to your router.

Step 4 When prompted, enter the username cisco, and password cisco.

Step 5 Enter configuration mode by entering the following command:

yourname# configure terminal

Create a new username and password by entering the following command:

yourname(config)# username username privilege 15 secret 0 password

Replace username and password with the username and password that you want to use.

Step 6 Remove the default username and password by entering the following command:

yourname(config)# no username cisco

Step 7 To remove the login banner, enter the following command:

yourname(config)# no banner login

The login banner warning will no longer appear.

Step 8 To remove the exec banner, enter the following command:

yourname(config)# no banner exec

The exec banner warning will no longer appear.

Step 9 Leave configuration mode by entering the following command:

yourname(config)# end

Step 10 Copy the configuration changes to the startup configuration by entering the following command:

yourname# copy running-config startup-config

When logging into the router in the future, use the username and password that you created in Step 6.
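The access requirements in Table 8 and the default-credential procedure above can be checked against a saved running configuration. The following is an added example, not Cisco code: the rule names, the audit_config function and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample running-config for illustration (not from a real device).
SAMPLE_CONFIG = """\
hostname yourname
username cisco privilege 15 secret 0 cisco
ip http server
ip http authentication local
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
"""

USER_RE = re.compile(r"^username (\S+)(?: privilege (\d+))?")


def audit_config(text):
    """Return sorted (rule, detail) findings for an IOS running-config.

    Rule names are hypothetical labels chosen for this example.
    """
    findings = set()
    admins = set()        # usernames configured with privilege 15
    top_level = set()     # unindented (global) commands
    vty = None            # current "line vty ..." header, else None
    for raw in text.splitlines():
        cmd = raw.strip()
        if not cmd or cmd.startswith("!"):
            continue
        if not raw[0].isspace():              # global command
            top_level.add(cmd)
            vty = cmd if cmd.startswith("line vty ") else None
            m = USER_RE.match(cmd)
            if m and m.group(2) == "15":
                admins.add(m.group(1))
        elif vty and cmd.startswith("transport input "):
            protocols = cmd.split()[2:]
            if "telnet" in protocols or "all" in protocols:
                findings.add(("VTY_TELNET", vty))
    if "ip http server" in top_level:
        findings.add(("HTTP_PLAINTEXT", "ip http server"))
    if "ip http secure-server" not in top_level:
        findings.add(("HTTPS_DISABLED", "ip http secure-server missing"))
    if any(c.startswith("username cisco ") for c in top_level):
        findings.add(("DEFAULT_USER", "username cisco"))
        # Removing the default user with no other privilege 15 user locks you out.
        if not admins - {"cisco"}:
            findings.add(("NO_REPLACEMENT_ADMIN", "create a privilege 15 user first"))
    return sorted(findings)


if __name__ == "__main__":
    for rule, detail in audit_config(SAMPLE_CONFIG):
        print(f"{rule}: {detail}")
```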

The problem described here is caveat CSCsj21989. If you attempt to merge configuration changes made using the Cisco CP Config Editor feature, or replace the running configuration with a configuration from the Config Editor, the router configuration will not be changed if there is a network device with a Network Address Translation (NAT) IP address, or a cache engine in the connection between the PC and the router. If you need to make changes to the router configuration that you would normally make using the Cisco CP Config Editor, use the Cisco IOS CLI instead.

Cisco CP Security Dashboard May Display Threats Unrelated to Your Cisco IOS IPS Installation

Some (or all) of the top threats you obtain using the Cisco CP Security Dashboard may not pertain to your Cisco IOS IPS installation. After you deploy the signatures applicable to the top threats displayed by the Cisco CP Security Dashboard, the dashboard may still display some (or all) top threats with a red icon because applicable signatures could not be found. Those remaining top threats are unrelated to your Cisco IOS IPS installation and are not a danger to your router running Cisco IOS software.

Cisco CP May Lose Connection to Network Access Device

This note concerns the Network Admission Control (NAC) feature.

If the PC used to invoke Cisco CP returns a posture state (Healthy, Infected, Checkup, Quarantine, or Unknown) and if the group policy on the ACS server attached to the posture token assigned to the PC has a redirect URL configured, the connection between Cisco CP and the router acting as the Network Access Device (NAD) may be lost. The same problem can occur if an exception list entry attached to a policy with a redirect URL is configured with the IP address or MAC address of the PC.

If you try to reinvoke Cisco CP from this type of PC, you will not be able to do so because the browser will be redirected to the location specified in the redirect URL.

There are two workarounds for this problem:

•Ensure that the PC that you use to invoke Cisco CP attains a posture token that has an associated group policy on the ACS server that is not configured with a redirect URL.

•Alternatively, use Cisco CP to create a NAC exception list entry with the IP address or MAC address of the PC you use to invoke Cisco CP. Note that the exception list entry created for the PC should be associated to an exception policy that does not have a redirect URL configured in it.

For more information, see the links on the Cisco CP NAC online help pages.

Popup Blockers Disable Cisco CP Online Help

If you have enabled popup blockers in the browser you use to run Cisco CP, online help will not appear when you click the help button. To prevent this from happening, you must disable the popup blocker when you run Cisco CP. Popup blockers may be enabled in search engine toolbars, or may be standalone applications integrated with the web browser.

Symptom After you configure the IPS Auto Update settings using the Local Server option and rediscover the device, part of the configured information related to the recurring update schedule is missing from the Edit IPS > Auto Update > Local Server screen.

Conditions This problem is seen when you configure the IPS Auto Update settings using the Local Server option and configure the Update Schedule by selecting the Setup Recurring Update check box. The IPS Auto Update screen does not display the complete configured information when you rediscover the device and navigate to IPS Auto Update screen.

Workaround There is no workaround.

CSCto88259

GenericJDBCException seen while launching Cisco CP.

Symptom The following error is seen during launch of Cisco CP:

org.hibernate.exception.GenericJDBCException: Cannot open connection

Conditions This problem rarely occurs and there are no specific steps which create the problem. Database corruption can cause it.

Workaround Reinstall Cisco CP.

CSCtn10781

Overlaid extensions do not follow the order you specified.

Symptom

•Case 1—When selecting multiple extensions to be overlaid on a button, the order of extensions is not the same as specified by you.

•Case 2—The display name is overwritten when the extension is part of an overlay group.

Conditions

•Case 1—This occurs when you select multiple extensions to be overlaid on a phone button.

•Case 2—This occurs when the same extension is overlaid on multiple phones.

Workaround There is no workaround. If you require a particular order or display name, you can configure it through the CLI.

CSCtn58565

Auto-line command does not work for phones.

Symptom When editing a phone, the auto-line incoming command does not run.

Conditions This problem occurs when editing a phone to set Auto Line Selection to Incoming.

Workaround There is no workaround. Manually configure the auto-line incoming command under an ephone.

CSCto70309

Unified Communications mode is displayed as CUBE when the mode border-element command is not configured.

Symptom On an ISR-G2, if the mode border-element command is not configured under voice service voip and if telephony service and max-dn commands are configured, Cisco CP displays the Unified Communications feature as CUBE.

Conditions This problem occurs only on an ISR-G2 if the mode border-element is not configured and if max-dn is configured under the telephony-service command.

Workaround Select the appropriate mode in the Unified Communications Features screen and deliver the CLI.

CSCtn98336

Reset to default in Unified Communications Features does not clear some configurations.

Symptom The Reset to Default option in the Unified Communications Features screen does not remove some of the configurations from the router.

Conditions This problem is seen when you configure the Gateway option via Cisco CP and then select Reset to Default. The Universal and Security Transcoding Dspfarm profile in the gateway configuration is not removed from the router.

Workaround Remove the configuration through the CLI.

CSCto67064

Certain date formats not supported in EnergyWise scheduling.

Symptom When you try to access the EnergyWise feature, the following error is displayed:

An internal error has occurred.

Conditions This issue is seen when you have entered EnergyWise schedule in a format that is not supported by Cisco CP (involving commas). Cisco CP does not support manual configuration of schedules because these schedules can be read incorrectly or can cause existing schedules to be removed. Cisco CP compatible schedules contain a date format in the form of spaced numbers without the use of commas, for example energywise level 1 recurrence importance 1 at 0 1 * * 0. Wildcards (*) are allowed in addition to 0-9.

Workaround If you have a schedule with an incompatible format, convert it into multiple schedules that are compatible with Cisco CP:

energywise level 1 recurrence importance 1 at 0 1 * * 0,1,2,3,4,5,6

should be converted to:

energywise level 1 recurrence importance 1 at 0 1 * * 0

energywise level 1 recurrence importance 1 at 0 1 * * 1

energywise level 1 recurrence importance 1 at 0 1 * * 2

energywise level 1 recurrence importance 1 at 0 1 * * 3

energywise level 1 recurrence importance 1 at 0 1 * * 4

energywise level 1 recurrence importance 1 at 0 1 * * 5

energywise level 1 recurrence importance 1 at 0 1 * * 6
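The conversion shown in this workaround can be scripted. The following is an added example, not Cisco code: the expand_schedule function is hypothetical, and handling comma lists in more than one of the five time fields goes beyond the single-field case shown above and is an assumption.

```python
import itertools
import re

# Cisco CP compatible values per the text above: digits or a wildcard.
FIELD_RE = re.compile(r"^(\*|\d+)$")


def expand_schedule(command):
    """Split one comma-list schedule command into comma-free commands.

    Each of the five time fields after "at" may hold a comma-separated
    list; the result is one command per combination of values.
    """
    head, sep, spec = command.rpartition(" at ")
    fields = spec.split()
    if not sep or len(fields) != 5:
        raise ValueError("expected five time fields after 'at'")
    choices = []
    for field in fields:
        values = field.split(",")
        for value in values:
            if not FIELD_RE.match(value):
                raise ValueError(f"unsupported value {value!r} in field {field!r}")
        # Keep the order given, drop repeated values.
        choices.append(list(dict.fromkeys(values)))
    return [
        f"{head} at {' '.join(combo)}"
        for combo in itertools.product(*choices)
    ]


if __name__ == "__main__":
    original = "energywise level 1 recurrence importance 1 at 0 1 * * 0,1,2,3,4,5,6"
    for line in expand_schedule(original):
        print(line)
```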

CSCto07804

Traffic Monitoring Netflow Services fails to start in some scenarios.

Symptom Data Collector Service fails to start. As a result, data is not collected from the router.

Conditions This can happen if files are not copied properly or get corrupted while installing the Data Collector Service.

Workaround Reinstall the Data Collector Service.

CSCto73606

Traffic Monitoring: Cisco CP displays an error when you click Start Monitoring or Stop Monitoring on any interface while Data Collector Services are not running.

Symptom Cisco CP displays a pop-up with a Java.lang.NullPointerException error when you try to stop monitoring by clicking the Stop Monitoring link while the Interface Collector Service is not running.

Conditions Cisco CP displays an error when you try to stop monitoring by clicking the Stop Monitoring link while the Interface Collector Service is not running.

Workaround Start the Interface Collector Service and then stop monitoring.

CSCto76962

Traffic Monitoring: Cisco CP displays value as 0 when interface is not being monitored.

Symptom Cisco CP displays the value as zero (0) if an interface is not being monitored for some time.

Conditions If you monitor traffic on an interface for some time, stop and then start monitoring traffic again, Cisco CP displays a value of zero for the time interval when you were not monitoring the interface.

Workaround There is no workaround.

CSCto96064

Rollback failing when imported phone is SIP.

Symptom Cisco CP displays an error message that rollback has failed on Bulk Import and the application does not get updated. You can see bulk imported data under phones, users, and extensions.

Conditions Rollback on Bulk Import with a SIP phone entry fails because the commands no create profile and create profile issued during rollback fail. As a result, rollback is considered failed although the configuration that Bulk Import created on the router has been reverted successfully.

Workaround Manually issue the command no create profile followed by the command create profile under voice register global to update the files on the Flash. Rediscover the device.

•Case 3—When a virtual machine, for example VM1 is already added to the user/group, adding one more virtual machine may create multiple entries in the Permissions summary screen upon refreshing the page.

Workaround

•Case 1—There is no workaround. Assume that the default virtual machine Host is associated to the user/group when Select is displayed.

•Case 2—To add multiple virtual machines to the user/group, use the CLI.

•Case 3—Read each entry as corresponding to one instance of virtual machine associated with the user/group.

Symptom When you click Finish in the 802.1x wizard for GRWIC-D-ES-2S-8PC or GRWIC-D-ES-6S with high-security or low-impact as the mode, the error Configuration failed radius-server vsa send is seen.

Conditions This issue is seen when you click Finish in the 802.1x wizard for GRWIC-D-ES-2S-8PC or GRWIC-D-ES-6S with high-security mode or low-impact mode. The issue is not seen in the monitor mode.

Workaround Configure AAA details using monitor mode and then change to low-impact mode or high-security mode.

CSCth67558

Unable to discover switching module.

Symptom Cisco CP fails to discover switching module and reports that the module is being reloaded in the discovery details.

Conditions When the switching module is configured with login local or AAA new-model configuration or both, the module requires one more level of authentication along with the usual authentication. In this case, you need to provide the username and password twice to get into the module prompt.

Workaround Remove the login local and AAA new-model configuration so that the extra level of authentication is not required.

CSCto98404

Number of Retries Remaining displays as NULL if wrong SIM PIN is entered.

Note For information on obtaining documentation and technical assistance, product security, and additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html.
